Shared Single Password Across All EMS, EMS Client, ICC, HiPro, and Adjudication Systems (AZ)

The Cyber Ninjas audit documented that a single, identical password was used for all user accounts on all EMS, EMS client, adjudication, HiPro scanner, and ICC workstations – credentials installed by Dominion during the August 6, 2019 system installation and never changed through the date of the audit, a period exceeding two years and one presidential election. This directly violated Arizona’s 2019 Election Procedures Manual (EPM), §5, which mandates that “users and, if applicable, stations shall have unique usernames and secure passwords” and that “vendor-supplied generic passwords may not be used.” The practical consequence: any person who obtained the single credential – authorized, unauthorized, or via social engineering – had administrative access to every component of the election management infrastructure.